Friday, November 12, 2010

BISS Key Project

First Project

For the Zamjari channel, we need to make a .ts sample from the BISS-scrambled channel (only 1-2 seconds) with a SkyStar2 PC card.
TS recordings from other receivers are not good.
We need to know the VPID or APID of the channel (in decimal).
For example, the NBA VPID is 518 (dec).


NSS11
12411 V
tp 8
DVB-S 11110-5/6
JBS BISS 1 4194 4195 K
Zamjari 2 BISS 3 4245 4246 K
Zamjari 1 BISS 4 4381 4382 K

Zamjari 1 Vpid:4381
Zamjari 2 VPid:4245

Download CWFinder and open it.

Start 111111111111
End ffffffffffff

The search will finish in 10 years, 4 months and 2 days.

Example of a BISS key for Zamjari:
Zamjari F 00021FFF 01 55 21 0c 72 7d d5 30 72;
Zamjari F 00031FFF 00 55 21 0c 72 7d d5 30 72;

Some formats use this:
B 12411:11110:V 55210c727dd53072 ; TV7 INDO Zamjari tv tonytr 2009-01-22 19:59


The VPID of Zamjari is a big unknown; see the two links below:

http://www.lyngsat.com/nss11.html
http://jefmanado.wordpress.com/2010/03/03/nss-11-zamjari-chanel/#comment-211
Zamjari 1 Vpid:4381
Zamjari 2 VPid:4245

In my experience, only the SkyStar2 PID recording is OK.

CWFinder needs the VPID or APID of the TV channel.
CWFinder uses 3 payload-start-indicator TS packets (3 x 288-byte packets), but it needs only the first 16 bytes from them.
If the TS recording does not contain payload TS data, CWFinder reports: ERROR -> END OF FILE.

USEFUL REFERENCES FOR THIS:
http://forum.paytv.ro/showthread.php?s=130223a9e07153ccdd508911ae70a6a4&t=43931
http://forum.paytv.ro/showthread.php?t=43931&page=2

Wednesday, November 3, 2010

Finding RSA and BK Key

Like I said, my current bin file is from kowalski. But from what I know, all you have to do is the following:

- Desolder the EBGA64 from the Board with a hot air station
- Reball the BGA
- Read the BGA using a USB programmer like UP2008 with an EBGA 64 adapter (can be done with software - easy)

The part that requires electronic skills is desoldering and reballing the BGA. All you really need is the equipment and to know how to do it - or someone that can do that for you.

What about decrypting the bin file? I'd really like to try to decrypt the already known RSA + Boxkey from my current dump. I know the position of the data, but I'm unable to decrypt it. If I succeed with that, I will try to get a dump from my new receiver.

The best process is to remove the component, remove the old solder from the board using desoldering braid and a variable power, fixed temperature soldering system fitted with a blade tip. This will ensure the site is flat. Then clean the old flux from the PCB with an approved solvent. Now if you are using solder paste, you need to apply the solder paste directly to the solder balls on the component using a solder paste plate. If you prefer paste flux, you need to apply the flux with a flux dip plate to ensure a uniform and repeatable application. Place the component and reflow the part with a convection rework machine.



This is not the BK and RSA!

This is only the location!

The BK and RSA are encrypted; you decrypt, and you get the BK at this offset location!

How to decrypt? That is the question.



Hi

The correct RSA is:

A4B27E6FD42xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx24F1

Hope you can get something out of the original bin file.

Ciao

a3639

##################################################

I now know how to get the RSA and BK keys.

The block begins with 016c
==================================================
SK 96 BYTES
==================================================
11111111<----------------------------FIRST 4 BYTES---- IRD
XXXXXXXXXXXXXXXXXXXX<--NEXT 10 BYTES---- GARBAGE
1111111111111111<--------8 BYTES---- Y1---WRITE DOWN
==================================================
11111111111111111111111111111111-_
11111111111111111111111111111111-_-_"N" 64 Bytes
11111111111111111111111111111111-_-
11111111111111111111111111111111-
==================================================
1111111111111111<-------8 BYTES--- Y2-----WRITE DOWN
XXXX<-------------------2 BYTES--- CHECKSUM
==================================================
Y2 Xor Y1 = BOXKEY
==================================================

#####################################

IRD #:61 61 71 45

n3_boxkey =1f 54 fd 76 8c e1 07 8a


n3_rsakey = 18 a8 86 4f 87 6d fb 0c 72 c9 a7 27 a8 c5 27 a9 9a 46
2e 25 9f 28 42 b0 2f 29 6c c0 39 d1 bd b0 31 d8 c4 51 b9 8f 98 0e
45 42 13 65 24 68 8f 4e 88 0b 66 22 43 96 93 b3 d9 23 34 cf e1 92
76 49